KBI 310799 Issue Addressed: Argent For Compliance May Read Empty Event Log Message When Using WMI Method

Version

Argent for Compliance 3.1A-1401-A or below

Date

Friday, 10 Jan 2014

Summary

If event message DLL is corrupted or missing, Windows cannot compose the complete message text

If it is viewed in Event Log Viewer, message may be displayed as following:


When Argent for Compliance reads the same event using WMI, WMI only returns empty message instead

The test result may look like following:

Technical Background

Argent for Compliance 3.1A-1401-B has been enhanced to compose a substitute message using insertion strings

The test result may look like following:

Resolution

Upgrade to Argent AT 3.1A-1401-B or later

Customer, who cannot upgrade, can switch the Rule to use method ‘Automatically Determined‘ or ‘Read Event Log File Directly